Biometric authentication of individuals utilizing characteristics of bone and blood vessel structures

ABSTRACT

Biometric authentication of a subject utilizing bone and/or blood vessel (vein or artery) structures is provided. A vertice profile is generated from a non-invasive, multi-dimensional image scan of a subject or a portion thereof. The vertice profile is generated by identifying relative locations of divots and peaks on a surface of a bone structure or by identifying branch intersections and traversals of blood vessels. Additional varication techniques can be used for proof of life (verification of human subject). If authenticated, access to physical or digital/virtual assets is allowed.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority under 35 USC 120 to U.S. Prov. App. No. 62/474,470, filed Mar. 21, 2017, the content of which is being hereby incorporated by reference in its entirety.

FIELD OF THE INVENTION

The invention relates generally to biometric identification technology, and more specifically, the authentication of a subject's identity using bone and blood vessel structure matching for improving biometric identification technology.

BACKGROUND

Biometric authentication provides improved security over passwords of PINs. While the latter can be compromised and presented for access by any individual, the former makes sure that a specific individual matching the biometric data is granted access for transactions.

However, even biometric authentication has vulnerabilities that are not tolerable in high security systems. For example, fingerprints are exterior characteristics that can be lifted from doorknobs or the like and surreptitiously applied for access by the wrong individuals. Furthermore, fingerprint and iris scanning are both based on 2D scanning which limits characterization, leading to fewer points of matching to determine whether the correct individual is requesting access.

Various techniques using ultrasound can provide 3D imaging for higher granularity. However, these techniques have been implemented in large form factor devices that are not amenable to mobile smartphones or other devices that have primary functionality other than ultrasound image scanning. Another problem with current technologies using ultrasound scanning of body parts is proof of life, or in other words, there is no guarantee the object scanned is composed from human organics and is not a manufactured replica. Yet another problem is the dynamic nature of organics, including changes that can require a subject to periodically update database records used for identification.

What is needed is a robust technique for biometric authentication utilizing 3D imaging of internal bone and/or blood vessel structures in conjunction with other authentication methodologies employed by one or more electronic devices, such as conventional fingerprint scanning on a smartphone and/or a user PIN code to provide enhanced levels of biometric identity authentication.

SUMMARY

To address the above-mentioned shortcomings, systems, methods, and computer-readable mediums are provided for biometric authentication of individuals utilizing characteristics of bone and/or blood vessel structures scanned at a point of authentication.

In accordance with some embodiments, a method for biometric authentication of users utilizes bone structures. The data transmission includes an anatomical multi-dimensional image of a scanned bone structure sent from a first biometric device to the authentication server. The method then generates, via a processor and memory of the authentication server, a vertice profile from relative locations of divots and peaks localized in the bone structure. The method then determines, via the processor and memory of the authentication server, if the generated vertice profile and a database stored vertice profile, through comparison, meets a pre-determined threshold of accuracy. In the affirmative determination, the authentication to the subject is granted through the network interface of the authentication server.

In accordance with some embodiments, the anatomical multi-dimensional image captures a plurality of relative locations of divots and peaks localized to a surface of bone structure. In some other embodiments, the anatomical multi-dimensional image captures branch points and traversals between branch points of the blood vessel (vein and/or artery) structure. The vertice profile generated can include data describing the relative locations of divots and peaks localized and/or the branches and traversals. The processor then determines if the generated vertice profile matches a vertice profile previously stored on a database to a sufficient threshold. One implementation predicts changes in bones or blood vessels, and takes predicated changes into account for authentication. In the affirmative determination, the subject (human or non-human) is granted authentication to an asset.

In accordance with other embodiments, additional verification techniques used in combination or independently, such as proof of life (e.g., verifying a subject as a living subject), are provided using data from a second biometric device. In one example, a thermal profile is generated by the processor from the relative disparities of thermal characteristics from the thermal data transmission via a processor and memory of the authentication server. A determining step then compares the thermal profile and a database stored thermal profile against a threshold of accuracy. In an affirmative determination of this comparison and responsive to a determination that the generated vertice profile and a database stored vertice profile meeting a pre-determined threshold of accuracy, authentication is provided to the subject.

In yet another embodiment, the scanning device employs a light transducer to increase resolution of the anatomical multi-dimensional image. Furthermore, modulation rate of the light transducer can be dynamically tuned for a particular subject being scanned.

Other aspects and features will be evident from reading the following detailed description of the preferred embodiments, which are intended to illustrate, not limit, the invention. Advantageously, biometric identification technology is improved by characterizing bone and/or blood vessel structures of an individual.

BRIEF DESCRIPTION OF THE FIGURES

In the following figures, like reference numbers are used to refer to like elements. Although the following figures depict various examples of the invention, the invention is not limited to the examples depicted in the figures.

FIGS. 1A-1C illustrate various examples of points of authentication for 3D internal scanning from a finger, according to some embodiments.

FIGS. 2A-2C illustrates steps of generating a vertice profile from a scan of a finger bone at a point of authentication, according to some embodiments.

FIGS. 3A-3B illustrate steps of generating a vertice profile from a scan of blood vessels of a finger at a point of authentication, according to some embodiments.

FIG. 4A illustrates a dataset matching for vertice profiles between a database and a secure access asset requesting authentication, according to an embodiment.

FIG. 4B illustrates generation of a plurality of data points for a bone structure of a hand from an anatomical multi-dimensional image, according to an embodiment.

FIG. 4C illustrates generation of a plurality of data points for a blood vessel structure of a hand from an anatomical multi-dimensional image, according to an embodiment.

FIGS. 5A-5B are high-level block diagrams illustrating systems for biometric authentication of individuals using bone and/or blood vessel 3D internal imaging, according to some embodiments.

FIG. 5C is a more detailed block diagram illustrating the authentication server of the systems of FIGS. 5A-5B, according to one embodiment.

FIG. 6 is a high-level block diagram illustrating a method for performing biometric authentication and biometric verification to grant authentication based on an anatomic multi-dimensional image, according to one embodiment.

FIG. 7A is a more detailed block diagram illustrating a method for performing biometric authentication of a subject using an anatomic 3D image using bone and/or blood vessel multi-dimensional imaging, according to one embodiment.

FIG. 7B is a more detailed block diagram further detailing the step of generating a vertice profile from the anatomic multi-dimensional image from a bone structure, according to one embodiment.

FIG. 7C is a more detailed block diagram further detailing the step of generating a vertice profile from the anatomic multi-dimensional image from a blood vessel structure, according to one embodiment.

FIG. 8 is a more detailed block diagram illustrating a method for performing biometric verification of a subject using a thermal profile, according to one embodiment.

FIG. 9 is a block diagram illustrating an exemplary computing device, according to one embodiment.

DETAILED DESCRIPTION

The present invention provides methods, non-transitory computer-readable mediums, and systems for biometric authentication of individuals using unique characteristics bone and/or blood vessel (vein or artery) multi-dimensional internal imaging (e.g., ultrasound). One of ordinary skill in the art will recognize that many other scenarios are possible. For example, ultrasound imaging is used herein for illustration purposes, but other types of imaging known now and developed in the future can be implemented as well.

Generally, the herein-described techniques of biometric authentication of individuals utilizing characteristics of bone and/or blood vessel structures improve and interact with various electronic devices (e.g., smartphones, etc.) to provide access to secure assets. In one case, methods used for biometric authentication can be used in conjunction with other authentication methodologies employed by one or more electronic devices, such as conventional fingerprint scanning on a smartphone and/or a user PIN code to provide enhanced levels of identity authentication.

In some instances, the biometric authentication technology can be used to enhance other security provision technologies. For example, the instant techniques may be implemented in a unique collaborative methodology with a gun vault in order to provide access to the secure asset (e.g., a rifle). In another example, the instant techniques may be implemented in a unique collaborative methodology with computer software authentication to enhance login credentials for an online bank account login (as well as other high security access systems).

I. Point of Authentication for Multi-Dimensional Internal Imaging (FIGS. 1A-1C)

FIGS. 1A-1C illustrate examples of point of authentication for 3D internal scanning from a finger, according to some embodiments. Scanning may also include other multi-dimensional scanning, such as 2D and a 2D scanning enhancement technology to emulate 3D. The techniques described herein can be implemented from points of authentication, including smartphone apps, ATM machines and other financial transactions, replacing all credit cards and known ID's, door or gate access, home locks, automobile engine starters, sales transactions, gun triggers, government functions, REAL ID Act replacement, Immigration ID passport replacement, fraud prevention, full body scanners, and any other context requiring confirmation of a specific individual for transaction. One implementation scans subjects (human or non-human) in motion as they walk through a security screening area (such as that at a TSA (Transportation Security Administration) security check point or other.

At the point of authentication, a finger, hand, portion of the body, or full body is scanned for multi-dimensional anatomical internal imaging (e.g., 3D imaging). In response, a back-end computer system compares anatomical images to stored anatomical images for identifying a match, as described in more detail below. If a successful match is returned, the point of authentication can continue in performing requested actions or processing. In some embodiments, additional points of authentication may be utilized for full authentication and/or verification of a subject, such as proof of life (for both humans and non-humans) and blood analysis. Proof of life prevents prosthetic limbs or other man-made objects from causing false positive authentications.

The point of authentication includes a scanning engine which performs the multi-dimensional internal scanning for a subject. The scanning engine may operate in any frequency range, including for example in the kilohertz or terahertz frequency ranges. Examples of this implementation can be seen in later FIGS. 5A and 5B with scanning engines 515A and 515B respectively.

II. Generating and Matching Vertice Profiles of Bones and/or Blood Vessels (FIGS. 2A-5C)

FIGS. 2A-2C illustrates steps for generating vertice profiles from an anatomical ultrasound image of bones, according to some embodiments. The multi-dimensional image reveals unique characteristics of bones and blood vessels with a high degree of granularity. For example, hundreds or thousands of localized divots and peaks can be identified in a finger scan represented by spatial coordinates. This can be seen in FIG. 2A where a zoomed in image shows a plurality of prospective divots and peaks for a finger. The scan is analyzed by a processor (e.g., a vertice generation engine as shown in FIG. 5B) to find each individual marker that matches a profile, for example, by recognizing divots and peaks of the scan having a certain size and or position. Many other criteria can be implemented for identifying unique aspects of scans.

Next, relative locations of each unique characteristic are marked and vertices are identified. FIG. 2B illustrates a marking of the confirmed plurality of divots and peaks throughout the entire bone structure which have been scanned. This is performed for a localized dataset (e.g., a portion) of the 3D image in an iterative basis until the entire image is marked. The determination of the divots and peaks may be accomplished by applying the anatomical multi-dimensional image to a pre-determined dataset having specific properties with allowable variance for qualification of divots and peaks. For example, divots can be quantified with respect to depth below a bone surface and peaks can be quantified with respect to height above a bone surface. Shape or geometric constraints and other characteristics can also be analyzed. Subsequently, location coordinates of the identified plurality of divots and peaks, or vector maps, can be extracted for the generation of the vertice profile. The vectors represent the relative distance between the 3D coordinates, regardless of absolute value of the 3D coordinates. This is illustrated in FIG. 2C where the divots and peaks of the finger are analyzed through a vector mapping and a profile is visually illustrated which has been generated from the locations of the divots and peaks. As a result, a digital vertice profile of the image is generated from the vector mapping. The vertice profile includes a set of relative 3D coordinates.

The vertice profiles can be represented graphically or through data points (e.g., hundreds or thousands of 3D coordinates). The vertice profile can differ from among different scanning images, due to positioning, camera resolution, scanning surface, and many other factors. The vertices may be stored by the authentication server or another suitable system component.

In some embodiments, an optional technique ensures proof of life, or in other words, that a living human or a living non-human (e.g., animal or other species) appendage is being used for authentication. In some embodiments, a living human or non-human appendage can be interpreted as any organic living biological entity, organic human or non-human data, muscle tissue, human or non-human organs, and the like. More specifically, a thermal profile or laser/luminance (color signature) component validates thermal characteristics or color signatures within a range of live human or non-human data. This prevents prosthesis from being used to replicate a subject. In some embodiments, a thermal data transmission is received by the authentication server. The thermal data transmission includes thermal characteristics such as heat values corresponding with specific coordinates of the live/human or non-human appendage, temperature maps corresponding with specific coordinates of the live/human or non-human appendage, and similar thermal characteristics. A thermal profile is generated from one of the thermal characteristics and/or relative disparities of the thermal characteristics from the thermal data transmission. The thermal profile may be a dataset of thermal properties relative to localized coordinates of the live human or non-human appendage. The thermal profile is then compared against a database stored thermal profile. The database stored thermal profile contains the verified biometric information of the subject which is stored electronically in a database. A comparison is conducted between the thermal profile and the database stored thermal profile, where a disparity is allowed within a pre-defined accuracy threshold. An example of this implementation can be seen in FIG. 8.

FIGS. 3A-3B illustrate steps of generating vertices from a scanned anatomical image of blood vessels according to some embodiments. The technique for generating vertice profiles for blood vessels can be similar to that of generating vertice profiles from bone structures. FIG. 3A represents the blood vessel geometry which is identified by mapping the blood vessel structure through a series of 3D coordinates. In some embodiments, unique characteristics differ between bones and blood vessels. For instance, markers can be located at branch points of blood vessels. These branch points can be seen as the indicated dots (e.g., markers) in FIG. 3B. A blood vessel branch may be considered as an intersection (or wye) between two distinct blood vessel paths. In similar fashion to FIG. 2C in the above example, the blood vessel geometry may be represented as vector mapping, wherein the vector mapping represents the relative distance between the branch points. In some embodiments, temperature, laser/luminance (color signature) and bone density profiles can enhance information. Data can be secured with block chain technology or other techniques.

Continuing from the example of FIG. 2A-C and FIG. 3A-B, FIG. 4A illustrates a comparison of data points from scanned data points of the finger as compared to a vertice profile for the finger stored in a server. In this example, coordinates are generated for marker and/or vertices of vertice profiles. Some cases involve additional characteristics data associated with the data points such a temperature, color and other analytical data. Separate examples are provided illustrating data points for scanned data points of different anatomical image scans. For example, FIG. 4B illustrates a bone scan of a full hand scan. The left side of the figure illustrates the graphic of the hand which includes a plurality of points, whereas the right side of the figure illustrates a list of data points which correspond to the graphic of the hand. Similarly, FIG. 4C illustrates a blood vessel scan of a full hand scan. The left side of the figure illustrates the graphic of the hand which includes a plurality of points depicting the branch points of the blood vessel data points visually, whereas the right side of the figure illustrates a list of data points which correspond to the graphic of the hand.

A local or remote database of vertice profiles is accessed for comparison of an instant vertice profile. Levels of tolerance based on a pre-determined threshold for matching may be implementation specific. For example, a high security context (e.g., financial transaction) can have tighter tolerances than a minimum-security context (e.g., log-in to e-mail). Once a match is identified, a successful authentication message can be output and access granted. A pre-determined threshold may be set by the system administrator, a third-party authentication services, or a subject of the authentication services.

In some embodiments, matching vertice profiles are associated with a particular subject account storing permissions or policies. The permissions may allow a subject immediate access while other permissions require additional verifications. Further, some subjects are granted deeper access than others (e.g., administrator access versus guest access).

III. Systems for Authentication (FIGS. 5A-5C)

FIG. 5A is a high-level block diagram illustrating a systems 500A and 500B for biometric authentication of individuals using bone and/or blood vessel structure 3D imaging over a wide area network (WAN) for logging on to an online financial account server using a smartphone, according to one embodiment. The system 500A can include a smartphone 510A coupled to an authentication server 520A through a WAN network 501A. The secure access asset is an online financial account server 530A. Other system implementations are localized rather than distributed. Preferably, some embodiments of the system 500A is configured to provide real-time authentications. Other embodiments authenticate locally at the smartphone 510A without any, or just limited, transactions over a network to the authentication server 520A. Also, the smartphone 510A can be any mobile or stationary processor-driven device, such a full system of computers at a TSA check point.

In similar configuration, FIG. 5B is a high-level block diagram similar to FIG. 5A, with the utility of allowing a full body scanner to be used to access a physical locking mechanism on a local area network (LAN). A full body scanner 510B serves as the point of authentication which allows for a subject to 3D scan their full body for bone and/or blood vessel structures. The scanning engine 515B provides for the full body scanning capacity of the subject to be sent, through the LAN network 501B, to the authentication server 520B. The secure access asset of the present embodiment is a physical locking mechanism 530B.

The scanning engines 515A, 515B quickly measure hundreds or thousands of points of unseen bone and blood vessel structures. The scanning engines 515A, 515B can be small form factor ultrasound scanning devices integrated completely with the smartphones 510A, 510B, or plugged into or connected via Bluetooth or the like. One embodiment also includes a light transducer (e.g., a 6.5 kHz, 30 V, 350 Ohm piezo electric transducer made of brass and having wire terminals, by Digi-Key Electronics of Thief River Falls, Minn.) operating at various frequencies to enhance the resolution of image capture during non-invasive scans. For example, transducer illumination can be combined with 100-300 MHz or Terahertz scan frequencies. The light transducer is dynamically tuned to a particular subject in one instance. Other embodiments include algorithms to predict changes over time in bone or blood vessel structure due to degenerative diseases, age, and other factors that result in structure alterations. A baseline image used for comparison can be modified for comparisons rather than requiring users to re-enroll baseline images. Still another embodiment provides poof of life by confirming that a scanned body part is from a living human or non-human.

A secure access asset (e.g., 530A, 530B) can be any type of asset or system which requires authentication from the systems 500A and 500B, physical or digital/virtual. For example, a door lock or networked rifle case which requires biometric authentication may be physical secure access assets. In other examples, online bank accounts or cryptocurrency wallets, and credit cards may be digital/virtual secure access assets. The secure access assets interface with the authentication server and point of authentication through a network interface over the network. After authentication, an electronic lock nearby a user can be remotely unlatched, a grant access command can be sent over a network to a remote online account, or local data can be unleashed from point of authentication itself. Many other actions are possible once authentication has been completed.

FIG. 5C is a more detailed block diagram illustrating the detailed operations of the authentication server 520 (generically representing authentication servers 520A and 520B of FIGS. 5A and 5B), according to one embodiment. An anatomical image database 522 stores 3D images and/or vertice profiles saved when users enroll. For example, a subject may be required to scan their finger for enrollment using the system by placing their finger at the scanning engine component of the point of authentication in the same manner as subsequent scans used for access. In other embodiments, pre-existing vertice profiles may be loaded by third party services, whereby the subject being authenticated may provide pre-authorization to use the pre-existing vertice profiles. In some embodiments, the anatomical image database 522 and others are remote third-party services.

A vertice generation engine 524 generates vertice profiles from the point of authentication utilizing multi-dimensional images. As described earlier, and as illustrated in FIGS. 2A-C and 3A-B, the vertice generation recognizes divots and peaks of the scan having a certain size and or position. This is saved in a vertice profile as a set of data points. In some embodiments, the set of data points may be represented as vectors. The vertice generation engine 524 then takes the generated vertice profile and compares it against a stored vertice profile from the anatomical image database 522 and determines whether it meets a pre-determined threshold. In some embodiments, the vertice generation engine 524 takes additional characteristics into account for comparison such as temperature and color. The networking communication module 528 contains all necessary hardware and software required for operating a network under a wired or wireless network operating under IEEE 802.11-type protocols, but can also be a hybrid network including some wired components. This allows for the authentication server to be networked to the network, the secure access asset, and the point of authentication (e.g., smartphone, full body scanner, and the like). In some embodiments, the vertice generation engine 524 may be situated local on the point of authentication (e.g., smartphone).

A network communication module 528 communicates with other part of a systems using physical I/O network ports, lower level communication protocols, and high layer software APIs (application programming interfaces) to abstract information for the anatomical image database 522 and the vertical generation engine 524.

IV. Methods for Authentication (FIGS. 6-7)

FIG. 6 is a high-level block diagram illustrating a method for performing biometric authentication and biometric verification to grant authentication based on an anatomic multi-dimensional image. The method 600 can be implemented by any of the systems 500A and 500B of FIGS. 5A and 5B. One of ordinary skill in the art will recognize variability in the grouping of steps and order of execution, within the spirit of the present disclosure.

At step 610, an anatomic 3D image scan of a subject for bone and/or blood vessel structure using first biometric device is performed by a first biometric device. At step 620, biometric authentication of subject using anatomic 3D image for bone and/or blood vessel is performed. Various implementations are discussed in further detail in FIG. 7A. At step 630, biometric verification is performed of the subject using a thermal profile. Various implementations are discussed in further detail in FIG. 8. At step 640, authentication is granted to the subject in response to successful biometric verification and successful biometric verification.

FIG. 7A is a more detailed block diagram of FIG. 6 illustrating a method for performing biometric authentication of a subject using an anatomic 3D image using bone and/or blood vessel multi-dimensional imaging, according to one embodiment. At step 710, scanned anatomic 3D images for bone structures are received from a biometric device. At step 720 vertice profiles are generated from the anatomical 3D images. Various implementations of vertice generation based on bone structure can be found in FIG. 7B (similarly for blood vessel structures in FIG. 7C). Various implementations of vertice generation based on bone structure can be found in FIG. 7C. The anatomical 3D image includes a plurality of relative locations of divots and peaks localized to the bone structure. At step 730, the generated vertice profiles are compared against a database of vertice profiles. In response to meeting a pre-defined threshold at step 740, authentication is deemed successful to the subject at step 760. Otherwise, an indication of unsuccessful authentication is found at step 750.

FIG. 7B is a more detailed block diagram further detailing the step of generating a vertice profile from the anatomic multi-dimensional image from a bone structure, according to one embodiment. At step 721, divots and peaks are identified for a localized dataset of the 3D image based on geometry of the bone structure. The localized dataset is a subset of the full 3D image. At step 722, the above step of 721 continues until all divots and peaks for localized datasets have been identified. At step 723, a vector mapping is generated based on the distances between the 3D coordinates of the divots and peaks. At step 724, a vertice profile is generated based on the relative 3D coordinates from the vector mapping.

FIG. 7C is a more detailed block diagram further detailing the step of generating a vertice profile from the anatomic multi-dimensional image from a blood vessel structure, according to one embodiment. At step 725, branches are identified for a localized dataset of the 3D image based on geometry of the blood vessel structure. The localized database is a subset of the full 3D image. At step 726, the above step of 721 continues until all branches for localized datasets have been identified. At step 727, a vector mapping is generated based on the distances between the 3D coordinates of the branches. At step 728, a vertice profile is generated based on the relative 3D coordinates from the vector mapping.

FIG. 8 is a more detailed block diagram illustrating a method for performing biometric verification of a subject using a thermal profile, according to one embodiment. At step 800, a thermal data transmission of a subject is received from a second biometric device. The thermal data transmission provides one or more thermal characteristics for live human or live non-human identification. At step 810, a thermal profile is generated from the relative disparities of the thermal characteristics. At step 820, a determination is made as to whether the thermal profile and database stored thermal profile meets a pre-determined threshold of accuracy. In response to meeting a pre-defined threshold at step 830, authentication is deemed successful to the subject at step 840. Otherwise, an indication of unsuccessful authentication is found at step 850.

V. Generic Computing Device (FIG. 9)

FIG. 9 is a block diagram illustrating an example computing device 900 for use in the system 500A of FIG. 5A, according to one embodiment. The computing device 900 is an exemplary device that is implementable for the authentication server 520A. Additionally, the computing device 900 is merely an example implementation itself, since the system 500A can also be fully or partially implemented with laptop computers, tablet computers, smart cell phones, Internet appliances, and the like.

The computing device 900, of the present embodiment, includes a memory 910, a processor 920, a hard drive 930, and an I/O port 940. Each of the components is coupled for electronic communication via a bus 999. Communication can be digital and/or analog, and use any suitable protocol.

The memory 910 further comprises network applications 912 and an operating system 914. The network applications 912 can include a web browser, a mobile application, an application that uses networking, a remote application executing locally, a network protocol application, a network management application, a network routing application, or the like.

The operating system 914 can be one of the Microsoft Windows® family of operating systems (e.g., Windows 95, 98, Me, Windows NT, Windows 2000, Windows XP, Windows XP x64 Edition, Windows Vista, Windows CE, Windows Mobile), Windows 7, Windows 8, Linux, HP-UX, UNIX, Sun OS, Solaris, Mac OS X, Alpha OS, AIX, IRIX32, or IRIX64. Other operating systems may be used. Microsoft Windows is a trademark of Microsoft Corporation.

The processor 920 can be a network processor (e.g., optimized for IEEE 802.11), a general purpose processor, an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA), a reduced instruction set controller (RISC) processor, an integrated circuit, or the like. Qualcomm Atheros, Broadcom Corporation, and Marvell Semiconductors manufacture processors that are optimized for IEEE 802.11 devices. The processor 920 can be single core, multiple core, or include more than one processing elements. The processor 920 can be disposed on silicon or any other suitable material. The processor 920 can receive and execute instructions and data stored in the memory 910 or the storage device 930.

The storage device 930 can be any non-volatile type of storage such as a magnetic disc, EEPROM, Flash, or the like. The storage device 930 stores code and data for applications.

The I/O port 940 further comprises a user interface 942 and a network interface 944. The user interface 942 can output to a display device and receive input from, for example, a keyboard. The network interface 944 connects to a medium such as Ethernet or Wi-Fi for data input and output. In one embodiment, the network interface 944 includes IEEE 802.11 antennae.

Many of the functionalities described herein can be implemented with computer software, computer hardware, or a combination.

Computer software products (e.g., non-transitory computer products storing source code) may be written in any of various suitable programming languages, such as C, C++, C#, Java, JavaScript, PHP, Python, Perl, Ruby, and AJAX. The computer software product may be an independent application with data input and data display modules. Alternatively, the computer software products may be classes that are instantiated as distributed objects. The computer software products may also be component software such as Java Beans (from Sun Microsystems) or Enterprise Java Beans (EJB from Sun Microsystems).

Furthermore, the computer that is running the previously mentioned computer software may be connected to a network and may interface to other computers using this network. The network may be on an intranet or the Internet, among others. The network may be a wired network (e.g., using copper), telephone network, packet network, an optical network (e.g., using optical fiber), or a wireless network, or any combination of these. For example, data and other information may be passed between the computer and components (or steps) of a system of the invention using a wireless network using a protocol such as Wi-Fi (IEEE standards 802.11, 802.11a, 802.11b, 802.11e, 802.11g, 802.11i, 802.11n, and 802.ac, just to name a few examples). For example, signals from a computer may be transferred, at least in part, wirelessly to components or other computers.

In an embodiment, with a Web browser executing on a computer workstation system, a user accesses a system on the World Wide Web (WWW) through a network such as the Internet. The Web browser is used to download web pages or other content in various formats including HTML, XML, text, PDF, and postscript, and may be used to upload information to other parts of the system. The Web browser may use uniform resource identifiers (URLs) to identify resources on the Web and hypertext transfer protocol (HTTP) in transferring files on the Web.

This description of the invention has been presented for the purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form described, and many modifications and variations are possible in light of the teaching above. The embodiments were chosen and described in order to best explain the principles of the invention and its practical applications. This description will enable others skilled in the art to best utilize and practice the invention in various embodiments and with various modifications as are suited to a particular use. 

I claim:
 1. A computer-implemented method for granting access to a specific living user over a data communication network, the method comprising: receiving an access request from the specific living user, wherein access is granted utilizing biometric authentication enhanced with non-invasive bone surface matching internal to and unique to the specific living user; scanning, with an external device for scanning internal characteristics of the surface of the bone, a living body part to generate an anatomical multi-dimensional image internal to the specific living user, responsive to the access request received; generating a vertices profile of the bone surface unique to the living body part by: identifying locations of peaks and divots from the anatomical multi-dimensional image of the living body part; calculating relative locations of the peaks and divots to each other from the identified locations; and generating a vector mapping based on distances of peaks and divots from each other to describe the relative locations; determining, via transmission from a network interface to the processor and memory of the authentication server over the data communication network, if the generated vertices profile for the specific living user and a database stored vertices profile for the specific living user, through comparison, meet a pre-determined threshold of accuracy; and responsive to a determination, via transmission to the network interface from the authentication server, that the generated vertices profile and the database stored vertices profile meets a pre-determined threshold of accuracy, granting the access request to the specific living user.
 2. The method of claim 1 further comprising: determining, from a light transducer device, a light transducer profile generated from light transducer data produced by the light transducer device exposing one or more vascular characteristics for human or non-human verification of the specific living user; determining if comparing the generated light transducer profile and a database stored light transducer profile, through comparison, meets a pre-determined threshold of accuracy; and responsive to a determination that the generated light transducer profile and a database stored generated light transducer profile meets a pre-determined threshold of accuracy and responsive to a determination that the generated vertices profile and a database stored vertices profile meeting a pre-determined threshold of accuracy, granting the access request to the specific living user.
 3. The method of claim 2 wherein the generated light transducer profile comprises at least one of: light transducer characteristics and color signatures within a range of data on file for the live human or live non-human.
 4. The method of claim 1, wherein the access grant step is further based on: successfully authenticating a vascular structure comprising branches and traversals of vascular structure.
 5. The method of claim 2 further comprising: illuminating the human or non-human body part with a light transducer during the image scan.
 6. The method of claim 1, further comprising: sending a message indicating authentication is successful to at least one of: the specific user, a display, and a processing component.
 7. The method of claim 1 wherein the step of generating the vertices profiles generating a second vertices profile of a vascular structure unique to the living body part; determining if the generated second vertices profile meets a pre-determined threshold of accuracy for vector mapping of traversals and branches of the vascular structure, wherein the granting access step comprises: responsive to a determination that the vascular structure and responsive to a determination that the bone surface information meets a pre-determined threshold of accuracy for additional verification, performing the granting authentication step.
 8. The method of claim 1 wherein the authentication granted provides for a particular level of permissions associated with a user policy for the specific living user.
 9. The method of claim 8 further comprising: receiving proof of life verification information for the living body part; determining if the proof of life verification information, through comparison, meets a pre-determined threshold of accuracy; and responsive to a determination that the proof of life verification information and information for the user account meeting pre-determined threshold of accuracy for additional verification, performing the granting authentication step.
 10. The method of claim 1, wherein the scanning device operates in an ultrasound frequency range.
 11. The method of claim 1, wherein the scanning device operates in a terahertz frequency range.
 12. The method of claim 1, wherein the living non-human body part comprises either a human or non-human body part.
 13. A computer-implemented method for granting access to a specific living user over a data communication network the access grant method comprising: receiving an access request from the specific living user, wherein access is granted utilizing biometric authentication enhanced with non-invasive bone surface matching internal to and unique to the specific living user; scanning, with an external device for scanning internal characteristics of the surface of vascular vessels, a living body part to generate an anatomical multi-dimensional image internal to the specific living user, response to the access request received; generating a vertices profile of the vascular vessels unique to the living body part by: identifying locations of branches and traversals from the anatomical multi-dimensional image of the living body part; calculating relative locations of the branches and traversals to each other from the identified locations; and generating a vector mapping based on distances of branches and traversals from each other to describe the relative locations; determining, via transmission from a network interface to the processor and memory of the authentication server over the data communication network, if the generated vertices profile for the specific living user and a database stored vertices profile for the specific living user, through comparison, meet a pre-determined threshold of accuracy; and responsive to a determination, via transmission to the network interface from the authentication server, that the generated vertices profile and the database stored vertices profile meets a pre-determined threshold of accuracy, granting the access request to the specific living user.
 14. A computer-implemented method in an authentication server for biometric authentication of a specific living user the method comprising: receiving an access request at a network interface of an access server coupled to a data communication network, wherein access is granted utilizing biometric authentication enhanced with non-invasive bone surface matching internal to and unique to the specific living user; receiving a data transmission comprising an anatomical multi-dimensional image scanned of a living human or non-human body part by a scanning device of a biometric device, wherein the anatomical multi-dimensional image comprises at least one of a plurality of relative locations between peaks and divots localized to a bone surface, and a plurality of relative locations of branch intersections and traversals between intersections localized to a vascular vessel structure; determining, via transmission from a network interface to the processor and memory of the authentication server, if the generated vertices profile and a database stored vertices profile, through comparison, meets a pre-determined threshold of accuracy; and responsive to a determination that the generated vertices profile and a database stored vertices profile meets a pre-determined threshold of accuracy, granting authentication to the specific living user through the network interface of the authentication server.
 15. The method of claim 14 further comprising: receiving at a network interface of the authentication server, from a biometric device, a light transducer profile generated from light transducer data produced by a light transducer device exposing one or more blood characteristics for live human verification; determining if the generated light transducer profile and a database stored generated light transducer profile, through comparison, meets a pre-determined threshold of accuracy; and responsive to a determination that the received generated light transducer profile and a database stored generated light transducer profile meets a pre-determined threshold of accuracy and responsive to a determination that the generated vertices profile and a database stored vertices profile meeting a pre-determined threshold of accuracy, performing the access grant step receiving a generated light transducer profile from the biometric device, the generated light transducer profile providing one or more characteristics for live human identification; determining if the received generated light transducer profile and a database stored generated light transducer profile, through comparison, meets a pre-determined threshold of accuracy; and responsive to a determination that the received generated light transducer profile and a database stored light transducer profile meets a pre-determined threshold of accuracy and responsive to a determination that the generated vertices profile and a database stored vertices profile meeting a pre-determined threshold of accuracy, providing authentication to the specific living user.
 16. The method of claim 15 wherein the light transducer profile comprises at least one of: light transducer characteristics within a range of live human or non-human data.
 17. The method of claim 14 wherein the step of responsive to a determination that the generated vertices profile and a database stored vertices profile meeting a pre-determined threshold of accuracy further comprises: sending a message indicating authentication is successful to at least one of: the specific user, a display, and a processing component.
 18. The method of claim 14 wherein the step of receiving an anatomical multi-dimensional image from a biometric device further comprises: receiving one or more additional characteristics associated with the multi-dimensional image including at least one of: a light transducer profile or a bone surface profile determining if the vascular and bone surface verification information, through comparison, meets a pre-determine threshold of accuracy, wherein the granting access step comprises: responsive to a determination that the vascular and bone surface verification information and information for the user account meeting pre-determined threshold of accuracy for additional verification, performing the granting authentication step.
 19. The method of claim 14 wherein the authentication granted provides for a particular level of permissions associated with a user policy for the specific living user.
 20. The method of claim 19 further comprising: receiving proof of life verification information for the specific living user human or non-human body part; determining if the proof of life verification information, through comparison, meets a pre-determined threshold of accuracy; and responsive to a determination that the proof of life verification information and information for the user account meeting pre-determined threshold of accuracy for additional verification, performing the granting authentication step.
 21. A computer-implemented method for granting access to a specific living user over a data communication network the access grant method comprising: receiving an access request from the specific live user, wherein access is granted utilizing biometric authentication enhanced with non-invasive bone surface matching internal to and unique to the specific living user; scanning, with an external device for scanning internal characteristics of the surface of the bone, a living body part to generate an anatomical multi-dimensional image internal to the specific living user, responsive to the access request received; generating a vertices profile of the bone surface unique to the living body part by: identifying locations of peaks and divots of the bone surface from the anatomical multi-dimensional image of the living body part; calculating relative locations of the peaks and divots to each other from the identified locations; and generating a vector mapping based on distances of peaks and divots from each other to describe the relative locations; generating a light transducer profile of the specific living user from a light transducer, wherein the generated light transducer profile comprises at least one of: light transducer characteristics and color signatures within a range of data on file for the live human or live non-human determining, via transmission from a network interface to the processor and memory of the authentication server over the data communication network: if the generated vertices profile for the specific living user and a database stored vertices profile for the specific living user, and if the generated light transducer profile for the specific living user and a data base stored light transducer profile for the specific living user, through comparison, meet a pre-determined threshold of accuracy; and responsive to a determination, via transmission to the network interface from the authentication server, that the generated vertices profile and the database stored vertices profile meets a pre-determined threshold of accuracy, granting the access request to the specific living user. 